CVE-2019-6700

Published: Jan 7, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code.

Affected (1)

Products: Fortinet: Fortisiem

Fortinet

1 product

Fortisiem

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortisiem	Before 5.2.5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://fortiguard.com/advisory/FG-IR-19-100

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-19-100

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.